#signdigitalsovereigninfra $SIGN SIGN supports auto-expiring credentials, but the question no one answers is who controls the logic behind that expiration.
One detail in the Sign Protocol attestation management section sits right at the boundary of what “automatic” really means.
The whitepaper lists “expiration management: support for time-bound Attestations with automatic expiration” as part of the credential lifecycle. A professional license expires after one year. A visa expires after six months. The expiration is automatic, meaning the credential fails verification once the defined date passes, without anyone needing to revoke it manually.
At the design level, this is efficient. There is no manual expiry workflow. There is no expired-credential revocation list to maintain. Time-bound credentials simply age out on their own.
But in a blockchain-based system, automatic expiration is never abstract. The logic has to exist somewhere.
In SIGN’s architecture, that logic sits in the attestation smart contract or in the on-chain verification flow. When a verifier checks a credential, the contract compares the expiry timestamp with the current block time and returns a result: valid or expired.
That is where the more important question begins.
Who can change that expiry logic after deployment?
If a government deploys $SIGN and hard-codes credential validity periods into the smart contract—one year for professional licenses, five years for national ID—can those rules later be modified? Who holds the upgrade keys for the contract that governs expiry logic? And if an emergency makes an across-the-board extension necessary—COVID-style, for example, with all visa validity extended by six months—can the government do that?
@SignOfficial #SignDigitalSovereignInfra $SIGN
